• Login
    View Item 
    •   DSpace Home
    • UbuntuNet-Connect
    • UbuntuNet-Connect 2015
    • View Item
    •   DSpace Home
    • UbuntuNet-Connect
    • UbuntuNet-Connect 2015
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Identity Management in SCIFI

    Thumbnail
    View/Open
    Presentation (226.5Kb)
    Date
    2015-11
    Author
    Magalhães, Luiz Claudio Schara
    Metadata
    Show full item record
    Abstract
    SCIFI is a system for building large scale wireless networks. It is comprised of a open source software controller, replacement firmware for off-the-shelf wireless routers based on OpenWRT, two identity management systems, one based on EDUROAM, the other a non-federated system for visitors and a monitoring system. This paper presents both the federated, hierarchical system used in EDUROAM and the system used for visitors, which is fairly complex due to the desire of allowing the users to self-register coupled with security and legal requirements.. SCIFI is the main element of WifiUFF, the wireless network at Universidade Federal Fluminense.The University is now the largest federal university in Brazil in number of undergraduate students, with 55 thousand students. There are 92 buildings in campi in Niteroi and several other locations in Brazil, most in the state of Rio de Janeiro. Currently, WifiUFF has 453 access points, 415 at Niteroi. A two year plan is in place to reach four thousand access points to cover the whole University. The installed base already has more than thirty thousand unique users weekly, with peaks of 3,500 simultaneous users. WifiUFF has three SSIDs, Eduroam, CadastroWifiUFF and Visitantes UFF, respectively for EDUROAM, user registration and visitors. The Eduroam SSID allows every person who is registered in the identity database at UFF (students, professors and staff) to use the network, as well as users that belong to the Eduroam federation. This paper will describe the process of authorizing both local users and users that belong to other institutions. At UFF the back-end is an LDAP server, which is queried by a RADIUS server. The other two SSIDs comprise the so called “visitors system”. The three main requirements for the system to allow access to the network to people that are not in either UFF´s or EDUROAM identity databases is that 1) they cannot do it anonymously, that is, if any misuse is detected the person can be identified; 2) the same security used for EDUROAM should be granted to those users; 3) the process should be self-driven, that is, the user himself should be able to register and get access without having to go to a specific place or talk to the University staff. To implement the requirements one open, sandboxed wireless network was created. This network, called CadastroWifiUFF, redirects http access to the registration server. This registration server allows new users to register and users that have not completed the configuration process to access manuals and applications that help configure their machine. At the end of the registration process the server sends an SMS with the user login/password pair. The SMS is the confirmation that the user has access to the phone that was registered, and serves as the identity. In Brazil all cell phones are registered. In the US or other countries that allow anonymous cell phones the system would have to be changed. The user then configures its system and gains access to the VisitantesUFF network.
    URI
    https://repository.ubuntunet.net/handle/10.20374/246
    Collections
    • UbuntuNet-Connect 2015

    Contact Us | Send Feedback
    Operated by 
    UbuntuNet Alliance
     

     

    Browse

    All of DSpaceCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    LoginRegister

    Contact Us | Send Feedback
    Operated by 
    UbuntuNet Alliance